PT-2024-6857 · Linux+1 · Linux Kernel+1

Published: 2024-07-20 · Updated: 2024-09-06 · CVE-2024-42254

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is related to inconsistent error handling in the io_alloc_pbuf_ring() function within the io_uring subsystem of the Linux kernel, which can lead to a null pointer dereference. This could potentially allow an attacker to cause a denial of service. The problem is identified by Syz and is associated with a null pointer dereference in the range [0x0000000000000000-0x0000000000000007]. The call trace includes functions such as io_remove_buffers(), io_put_bl(), io_destroy_buffers(), and io_ring_ctx_free(). There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

BDU:2024-08079
CVE-2024-42254

Affected Products

Astra Linux
Linux Kernel